auditor-lambda 0.3.5 → 0.3.7

package/dist/cli.js

@@ -36,6 +36,9 @@ const packageRoot = resolve(dirname(fileURLToPath(import.meta.url)), "..");
 const ADVANCE_AUDIT_CONTRACT_VERSION = "audit-code/v1alpha1";
 const WORKER_RESULT_CONTRACT_VERSION = "audit-code-worker-result/v1alpha1";
 const LARGE_FILE_PACKET_TARGET_LINES = 2500;
+const SMALL_MODEL_HINT_MAX_LINES = 500;
+const SMALL_MODEL_HINT_MAX_ESTIMATED_TOKENS = 3000;
+const DEEP_MODEL_HINT_MIN_ESTIMATED_TOKENS = 9000;
 const DIRECT_CLI_DEFAULTS = {
     rootDir: ".",
     artifactsDir: ".artifacts",
@@ -1474,6 +1477,61 @@ function isIsolatedLargeFilePacket(packet) {
     return (packet.file_paths.length === 1 &&
         packet.total_lines > LARGE_FILE_PACKET_TARGET_LINES);
 }
+function buildDispatchComplexity(packet, largeFileMode) {
+    return {
+        priority: packet.priority,
+        task_count: packet.task_ids.length,
+        file_count: packet.file_paths.length,
+        total_lines: packet.total_lines,
+        estimated_tokens: packet.estimated_tokens,
+        lenses: packet.lenses,
+        tags: packet.tags ?? [],
+        large_file_mode: largeFileMode,
+    };
+}
+function buildDispatchModelHint(complexity) {
+    const deepReasons = [];
+    if (complexity.priority === "high")
+        deepReasons.push("high_priority");
+    if (complexity.large_file_mode)
+        deepReasons.push("isolated_large_file");
+    if (complexity.estimated_tokens >= DEEP_MODEL_HINT_MIN_ESTIMATED_TOKENS) {
+        deepReasons.push("high_estimated_tokens");
+    }
+    if (complexity.tags.some((tag) => tag === "critical_flow" || tag.startsWith("critical_flow:"))) {
+        deepReasons.push("critical_flow");
+    }
+    if (complexity.tags.some((tag) => tag === "external_analyzer_signal" || tag.startsWith("external_tool:"))) {
+        deepReasons.push("external_analyzer_signal");
+    }
+    if (complexity.tags.includes("lens_verification")) {
+        deepReasons.push("lens_verification");
+    }
+    if (deepReasons.length > 0) {
+        return { tier: "deep", reasons: deepReasons };
+    }
+    const sensitiveLenses = new Set(["security", "data_integrity", "reliability"]);
+    const hasSensitiveLens = complexity.lenses.some((lens) => sensitiveLenses.has(lens));
+    if (complexity.priority === "low" &&
+        complexity.total_lines <= SMALL_MODEL_HINT_MAX_LINES &&
+        complexity.estimated_tokens <= SMALL_MODEL_HINT_MAX_ESTIMATED_TOKENS &&
+        !hasSensitiveLens &&
+        complexity.tags.length === 0) {
+        return { tier: "small", reasons: ["small_low_priority_packet"] };
+    }
+    const reasons = [];
+    if (complexity.priority === "medium")
+        reasons.push("medium_priority");
+    if (hasSensitiveLens)
+        reasons.push("sensitive_lens");
+    if (complexity.total_lines > SMALL_MODEL_HINT_MAX_LINES) {
+        reasons.push("moderate_size");
+    }
+    return {
+        tier: "standard",
+        reasons: reasons.length > 0 ? reasons : ["default_review_packet"],
+    };
+}
 function withinRoot(root, path) {
     const rootPath = resolve(root);
     const absolutePath = resolve(rootPath, path);
@@ -1625,15 +1683,31 @@ async function cmdPrepareDispatch(argv) {
                 : [];
         const taskSections = packetTasks.flatMap((task) => {
             const lensDef = lensDefs[task.lens];
+            const inputLines = task.inputs
+                ? Object.entries(task.inputs)
+                    .sort(([a], [b]) => a.localeCompare(b))
+                    .map(([key, value]) => `input.${key}: ${value}`)
+                : [];
+            const isLensVerification = task.tags?.includes("lens_verification") ?? false;
             return [
                 `### ${task.task_id}`,
                 `unit_id: ${task.unit_id}`,
                 `pass_id: ${task.pass_id}`,
                 `lens: ${task.lens}`,
+                ...(task.tags?.length ? [`tags: ${task.tags.join(", ")}`] : []),
+                ...inputLines,
                 `rationale: ${task.rationale}`,
                 "",
                 `Lens guidance: ${lensDef?.description ?? task.lens}`,
                 `Do NOT report: ${lensDef?.do_not_report ?? "N/A"}`,
+                ...(isLensVerification
+                    ? [
+                        "",
+                        "Lens verification mode: review the prior result summary in the rationale and use only targeted source checks.",
+                        "Do not redo every packet and do not write direct findings for this task.",
+                        "Return findings: [] plus verification metadata. Include followup_tasks only for bounded, specific re-review packets.",
+                    ]
+                    : []),
                 "",
             ];
         });
@@ -1641,6 +1715,7 @@ async function cmdPrepareDispatch(argv) {
             `--run-id-b64 ${toBase64Url(runId)} ` +
             `--packet-id-b64 ${toBase64Url(packet.packet_id)} ` +
             `--artifacts-dir-b64 ${toBase64Url(artifactsDir)}`;
+        const complexity = buildDispatchComplexity(packet, largeFileMode);
         for (const task of packetTasks) {
             resultMapEntries.push({
                 packet_id: packet.packet_id,
@@ -1679,6 +1754,13 @@ async function cmdPrepareDispatch(argv) {
             "  file_coverage [{path, total_lines}] - one entry per assigned file; use the line counts listed above",
             "  findings      [] or array of finding objects",
             "",
+            "Lens verification tasks:",
+            "  tasks tagged lens_verification must use findings: [] and include verification:",
+            "  {verified: boolean, needs_followup: boolean, concerns?: string[],",
+            "   coverage_concerns?: string[], confidence_concerns?: string[],",
+            "   followup_tasks?: AuditTask[]}.",
+            "  Follow-up AuditTask suggestions must stay bounded to files in this packet and use the same lens.",
+            "",
             "Each finding object:",
             "  id            unique ID, e.g. \"COR-001\"",
             "  title         short title",
@@ -1712,6 +1794,8 @@ async function cmdPrepareDispatch(argv) {
             description: `Audit ${packet.file_paths.length} file(s), ${packet.task_ids.length} task(s), ${packet.lenses.length} lens(es) (~${packet.total_lines} lines)` +
                 (largeFileMode ? " [isolated large-file mode]" : ""),
             prompt_path: promptPath,
+            complexity,
+            model_hint: buildDispatchModelHint(complexity),
         });
     }
     await writeJsonFile(dispatchPlanPath, plan);
@@ -2170,7 +2254,7 @@ async function cmdValidate(argv) {
         ...providerIssues,
     ];
     const resolvedProvider = rawSessionConfig === undefined
-        ? "auto"
+        ? "local-subprocess"
         : sessionConfigIssues.length > 0
             ? null
             : resolveFreshSessionProviderName(undefined, rawSessionConfig);

package/dist/io/runArtifacts.js

@@ -93,13 +93,13 @@ export async function writeDispatchBatchFiles(artifactsDir, runs, currentTasks)
         "",
         `This batch launched ${runs.length} deferred review run(s).`,
         "Each run keeps its own task.json, prompt.md, result.json, and status.json under .audit-artifacts/runs/<run_id>/.",
-        "Use current-tasks.json for the combined task list, then inspect the per-run files below when you need exact prompts or result paths.",
+        "Use current-tasks.json for the combined task list. The per-run files below are operational references for launched workers; do not read per-run prompt or schema files unless debugging a failed dispatch.",
         "",
         "Runs:",
         ...runs.flatMap((run) => [
             `- ${run.run_id}`,
             `  task: ${run.task_path}`,
-            `  prompt: ${run.prompt_path}`,
+            `  prompt (worker-owned; do not read during normal orchestration): ${run.prompt_path}`,
             `  result: ${run.result_path}`,
             `  status: ${run.status_path}`,
             ...(run.audit_results_path

package/dist/orchestrator/internalExecutors.js

@@ -32,6 +32,7 @@ function appendSelectiveDeepeningTasks(params) {
         lineIndex,
         runtimeValidationTasks: params.bundle.runtime_validation_tasks,
         runtimeValidationReport: params.runtimeValidationReport ?? params.bundle.runtime_validation_report,
+        externalAnalyzerResults: params.bundle.external_analyzer_results,
     });
     if (selectiveDeepeningTasks.length === 0) {
         return { bundle: params.bundle, taskCount: 0, artifacts: [] };

package/dist/orchestrator/selectiveDeepening.d.ts

@@ -1,4 +1,5 @@
 import type { AuditResult, AuditTask } from "../types.js";
+import type { ExternalAnalyzerResults } from "../types/externalAnalyzer.js";
 import type { RuntimeValidationReport, RuntimeValidationTaskManifest } from "../types/runtimeValidation.js";
 export interface BuildSelectiveDeepeningTaskOptions {
     existingTasks?: AuditTask[];
@@ -6,9 +7,12 @@ export interface BuildSelectiveDeepeningTaskOptions {
     lineIndex?: Record<string, number>;
     runtimeValidationTasks?: RuntimeValidationTaskManifest;
     runtimeValidationReport?: RuntimeValidationReport;
+    externalAnalyzerResults?: ExternalAnalyzerResults;
     maxTasks?: number;
 }
 export declare function buildSelectiveDeepeningTasks(options: BuildSelectiveDeepeningTaskOptions): AuditTask[];
 export declare const selectiveDeepeningTestUtils: {
     DEEPENING_TAG: string;
+    LENS_VERIFICATION_TAG: string;
+    LENS_VERIFICATION_FOLLOWUP_TAG: string;
 };

package/dist/orchestrator/selectiveDeepening.js

@@ -1,6 +1,16 @@
 import { createHash } from "node:crypto";
 const DEFAULT_MAX_DEEPENING_TASKS = 6;
 const DEEPENING_TAG = "selective_deepening";
+const LENS_VERIFICATION_TAG = "lens_verification";
+const LENS_VERIFICATION_FOLLOWUP_TAG = "lens_verification_followup";
+const MAX_LENS_VERIFICATION_FILES = 12;
+const MAX_LENS_VERIFICATION_RESULT_SUMMARIES = 12;
+const MAX_VERIFICATION_FOLLOWUP_TASKS_PER_RESULT = 4;
+const IMPORTANT_LENS_VERIFICATION_LENSES = new Set([
+    "security",
+    "data_integrity",
+    "reliability",
+]);
 const SEVERITY_RANK = {
     critical: 5,
     high: 4,
@@ -27,6 +37,9 @@ function priorityRank(priority) {
 function isDeepeningTask(task) {
     return task?.tags?.includes(DEEPENING_TAG) ?? false;
 }
+function isLensVerificationTask(task) {
+    return task?.tags?.includes(LENS_VERIFICATION_TAG) ?? false;
+}
 function sanitizeSegment(value) {
     const sanitized = value
         .replace(/[^a-zA-Z0-9_-]+/g, "-")
@@ -85,6 +98,29 @@ function lineCountFromSources(path, tasks, results, lineIndex) {
     }
     return lineIndex?.[path] ?? 0;
 }
+function formatList(values, maxItems) {
+    const visible = values.slice(0, maxItems);
+    const suffix = values.length > maxItems ? `, ... (+${values.length - maxItems} more)` : "";
+    return `${visible.join(", ")}${suffix}`;
+}
+function priorityLabel(priority) {
+    return priority ?? "low";
+}
+function getExternalAnalyzerPaths(externalAnalyzerResults) {
+    return new Set((externalAnalyzerResults?.results ?? [])
+        .map((result) => result && typeof result.path === "string" && result.path.length > 0
+        ? result.path
+        : null)
+        .filter((path) => path !== null));
+}
+function isRecord(value) {
+    return value !== null && typeof value === "object" && !Array.isArray(value);
+}
+function normalizedSuggestedPriority(value, fallback = "medium") {
+    return value === "high" || value === "medium" || value === "low"
+        ? value
+        : fallback;
+}
 function buildFindingFollowupTask(params) {
     const paths = pathsForFinding(params.finding, params.result, params.task);
     const triggerLabel = params.triggers.join("+");
@@ -261,6 +297,309 @@ function buildRuntimeValidationFollowupTask(params) {
         status: "pending",
     };
 }
+function sourceTaskIds(sources) {
+    return uniqueSorted(sources.map((source) => source.result.task_id));
+}
+function resultFiles(source) {
+    return uniqueSorted(source.task?.file_paths && source.task.file_paths.length > 0
+        ? source.task.file_paths
+        : source.result.file_coverage.map((coverage) => coverage.path));
+}
+function lensVerificationTriggers(params) {
+    const filePaths = uniqueSorted(params.sources.flatMap(resultFiles));
+    const findingPaths = new Set(params.sources.flatMap((source) => source.result.findings.flatMap((finding) => finding.affected_files.map((file) => file.path))));
+    const externalPathsInScope = filePaths.filter((path) => params.externalAnalyzerPaths.has(path));
+    const unresolvedExternalPaths = externalPathsInScope.filter((path) => !findingPaths.has(path));
+    const cleanResults = params.sources.filter((source) => source.result.findings.length === 0 &&
+        source.result.requires_followup !== false);
+    const highRiskCleanResults = params.sources.filter((source) => isHighRiskCleanResult(source.result, source.task));
+    const totalLines = filePaths.reduce((sum, path) => {
+        const owner = params.sources.find((source) => resultFiles(source).includes(path));
+        return (sum +
+            (owner
+                ? lineCountForPath(path, owner.task, owner.result)
+                : 0));
+    }, 0);
+    const triggers = [];
+    if (params.sources.some((source) => source.task?.priority === "high")) {
+        triggers.push("high_priority_lens");
+    }
+    if (params.sources.some((source) => source.task?.tags?.some((tag) => tag === "critical_flow" || tag.startsWith("critical_flow:")))) {
+        triggers.push("critical_flow");
+    }
+    if (params.sources.some((source) => source.task?.tags?.some((tag) => tag === "external_analyzer_signal" ||
+        tag.startsWith("external_tool:"))) ||
+        externalPathsInScope.length > 0) {
+        triggers.push("external_analyzer_signal");
+    }
+    if (unresolvedExternalPaths.length > 0) {
+        triggers.push("unresolved_external_signal");
+    }
+    if (params.sources.length >= 3 ||
+        filePaths.length >= 4 ||
+        totalLines >= 2000) {
+        triggers.push("large_lens_surface");
+    }
+    if (cleanResults.length >= 2 && cleanResults.length >= params.sources.length / 2) {
+        triggers.push("many_no_finding_results");
+    }
+    if (highRiskCleanResults.length > 0) {
+        triggers.push("high_risk_clean_result");
+    }
+    if (params.sources.some((source) => source.task?.tags?.some((tag) => tag === "large_file"))) {
+        triggers.push("large_file_reviewed");
+    }
+    return uniqueSorted(triggers);
+}
+function hasPendingBaseTaskForLens(lens, tasks, completedResultIds) {
+    return tasks.some((task) => task.lens === lens &&
+        !isDeepeningTask(task) &&
+        !completedResultIds.has(task.task_id) &&
+        task.status !== "complete");
+}
+function shouldBuildLensVerificationTask(params) {
+    if (!IMPORTANT_LENS_VERIFICATION_LENSES.has(params.lens)) {
+        return false;
+    }
+    if (params.sources.length === 0 || params.triggers.length === 0) {
+        return false;
+    }
+    const explicitlyClosedCleanScope = params.sources.every((source) => source.result.findings.length === 0 &&
+        source.result.requires_followup === false);
+    if (explicitlyClosedCleanScope &&
+        !params.triggers.some((trigger) => ["external_analyzer_signal", "unresolved_external_signal"].includes(trigger))) {
+        return false;
+    }
+    if (hasPendingBaseTaskForLens(params.lens, params.existingTasks, params.completedResultIds)) {
+        return false;
+    }
+    const enoughSurface = params.sources.length >= 2 ||
+        params.triggers.some((trigger) => [
+            "critical_flow",
+            "external_analyzer_signal",
+            "unresolved_external_signal",
+            "large_lens_surface",
+        ].includes(trigger));
+    if (!enoughSurface) {
+        return false;
+    }
+    const sourceSignature = sourceTaskIds(params.sources);
+    const candidateId = taskIdFor("steward", [params.lens, ...sourceSignature]);
+    return !params.existingTasks.some((task) => task.task_id === candidateId);
+}
+function selectLensVerificationFiles(sources, externalAnalyzerPaths) {
+    const scores = new Map();
+    function add(path, score, lines) {
+        const current = scores.get(path) ?? { score: 0, lines };
+        current.score += score;
+        current.lines = Math.max(current.lines, lines);
+        scores.set(path, current);
+    }
+    for (const source of sources) {
+        const priorityScore = priorityRank(source.task?.priority);
+        const highRiskClean = isHighRiskCleanResult(source.result, source.task);
+        for (const path of resultFiles(source)) {
+            add(path, priorityScore, lineCountForPath(path, source.task, source.result));
+            if (source.task?.tags?.includes("critical_flow"))
+                add(path, 6, 0);
+            if (source.task?.tags?.includes("external_analyzer_signal"))
+                add(path, 6, 0);
+            if (source.task?.tags?.includes("large_file"))
+                add(path, 4, 0);
+            if (highRiskClean)
+                add(path, 5, 0);
+        }
+        for (const finding of source.result.findings) {
+            for (const file of finding.affected_files) {
+                add(file.path, SEVERITY_RANK[finding.severity], 0);
+            }
+        }
+    }
+    for (const path of externalAnalyzerPaths) {
+        if (scores.has(path)) {
+            add(path, 8, 0);
+        }
+    }
+    return [...scores.entries()]
+        .sort((a, b) => {
+        const scoreDelta = b[1].score - a[1].score;
+        if (scoreDelta !== 0)
+            return scoreDelta;
+        const lineDelta = b[1].lines - a[1].lines;
+        if (lineDelta !== 0)
+            return lineDelta;
+        return a[0].localeCompare(b[0]);
+    })
+        .slice(0, MAX_LENS_VERIFICATION_FILES)
+        .map(([path]) => path);
+}
+function summarizeLensVerificationSource(source) {
+    const findings = source.result.findings.length === 0
+        ? "findings=none"
+        : `findings=${source.result.findings
+            .slice(0, 3)
+            .map((finding) => `${finding.id} ${finding.severity}/${finding.confidence} ${finding.category}: ${finding.title}`)
+            .join("; ")}${source.result.findings.length > 3 ? "; ..." : ""}`;
+    const tags = source.task?.tags?.length
+        ? ` tags=${source.task.tags.join(",")}`
+        : "";
+    return (`- ${source.result.task_id} priority=${priorityLabel(source.task?.priority)}` +
+        `${tags} files=${formatList(resultFiles(source), 4)} ${findings}` +
+        (source.result.requires_followup === true ? " requires_followup=true" : ""));
+}
+function buildLensVerificationTask(params) {
+    const sourceIds = sourceTaskIds(params.sources);
+    const selectedPaths = selectLensVerificationFiles(params.sources, params.externalAnalyzerPaths);
+    const allPaths = uniqueSorted(params.sources.flatMap(resultFiles));
+    const omittedPathCount = Math.max(0, allPaths.length - selectedPaths.length);
+    const externalPathsInScope = allPaths.filter((path) => params.externalAnalyzerPaths.has(path));
+    const summaries = params.sources
+        .sort((a, b) => a.result.task_id.localeCompare(b.result.task_id))
+        .slice(0, MAX_LENS_VERIFICATION_RESULT_SUMMARIES)
+        .map(summarizeLensVerificationSource);
+    return {
+        task_id: taskIdFor("steward", [params.lens, ...sourceIds]),
+        unit_id: `lens-steward:${params.lens}`,
+        pass_id: `lens-steward:${params.lens}`,
+        lens: params.lens,
+        file_paths: selectedPaths,
+        file_line_counts: Object.fromEntries(selectedPaths.map((path) => [
+            path,
+            lineCountFromSources(path, params.sources.map((source) => source.task).filter((task) => task !== undefined), params.sources.map((source) => source.result), params.lineIndex),
+        ])),
+        inputs: {
+            source_task_ids: sourceIds.join(","),
+            trigger_summary: params.triggers.join(","),
+        },
+        rationale: `Lens steward verification for ${params.lens} after ${params.sources.length} completed base result(s) across ${allPaths.length} file(s). ` +
+            `Triggers: ${params.triggers.join(", ")}. ` +
+            "Review whether high-risk packets are suspiciously clean, severity/confidence levels are consistent, external analyzer signals were resolved rather than hand-waved, cross-packet issues are visible, no-finding conclusions are believable, and related-file findings contradict each other. " +
+            "Do not write direct findings from this verification task; return findings: [] plus verification metadata with bounded follow-up AuditTask suggestions when needed.\n" +
+            `Selected verification files: ${formatList(selectedPaths, 8)}${omittedPathCount > 0 ? `; omitted ${omittedPathCount} lower-priority file(s) from direct source checks` : ""}.\n` +
+            (externalPathsInScope.length > 0
+                ? `External analyzer paths in scope: ${formatList(externalPathsInScope, 8)}.\n`
+                : "") +
+            "Source result summary:\n" +
+            summaries.join("\n") +
+            (params.sources.length > MAX_LENS_VERIFICATION_RESULT_SUMMARIES
+                ? `\n- ... (+${params.sources.length - MAX_LENS_VERIFICATION_RESULT_SUMMARIES} more result summaries omitted)`
+                : ""),
+        priority: "high",
+        tags: [
+            DEEPENING_TAG,
+            LENS_VERIFICATION_TAG,
+            `lens:${params.lens}`,
+            ...params.triggers.map((trigger) => `trigger:${trigger}`),
+        ],
+        status: "pending",
+    };
+}
+function buildLensVerificationTasks(params) {
+    const taskById = new Map(params.existingTasks.map((task) => [task.task_id, task]));
+    const completedResultIds = new Set(params.results.map((result) => result.task_id));
+    const externalAnalyzerPaths = getExternalAnalyzerPaths(params.externalAnalyzerResults);
+    const tasks = [];
+    for (const lens of [...IMPORTANT_LENS_VERIFICATION_LENSES].sort((a, b) => a.localeCompare(b))) {
+        const sources = params.results
+            .map((result) => ({ result, task: taskById.get(result.task_id) }))
+            .filter((source) => source.result.lens === lens &&
+            !isDeepeningTask(source.task) &&
+            !isLensVerificationTask(source.task));
+        const triggers = lensVerificationTriggers({
+            lens,
+            sources,
+            externalAnalyzerPaths,
+        });
+        if (!shouldBuildLensVerificationTask({
+            lens,
+            sources,
+            triggers,
+            existingTasks: params.existingTasks,
+            completedResultIds,
+        })) {
+            continue;
+        }
+        tasks.push(buildLensVerificationTask({
+            lens,
+            sources,
+            triggers,
+            externalAnalyzerPaths,
+            lineIndex: params.lineIndex,
+        }));
+    }
+    return tasks;
+}
+function buildVerificationFollowupTasks(params) {
+    if (!params.result.verification?.needs_followup ||
+        !Array.isArray(params.result.verification.followup_tasks) ||
+        !isLensVerificationTask(params.task)) {
+        return [];
+    }
+    const coverageByPath = new Map(params.result.file_coverage.map((coverage) => [
+        coverage.path,
+        coverage.total_lines,
+    ]));
+    const concerns = [
+        ...(params.result.verification.concerns ?? []),
+        ...(params.result.verification.coverage_concerns ?? []),
+        ...(params.result.verification.confidence_concerns ?? []),
+    ];
+    const tasks = [];
+    for (let index = 0; index < params.result.verification.followup_tasks.length; index++) {
+        if (tasks.length >= MAX_VERIFICATION_FOLLOWUP_TASKS_PER_RESULT) {
+            break;
+        }
+        const suggestion = params.result.verification.followup_tasks[index];
+        if (!isRecord(suggestion)) {
+            continue;
+        }
+        if (suggestion.lens !== params.result.lens) {
+            continue;
+        }
+        const suggestedPaths = Array.isArray(suggestion.file_paths)
+            ? suggestion.file_paths.filter((path) => typeof path === "string" && coverageByPath.has(path))
+            : [];
+        const paths = uniqueSorted(suggestedPaths);
+        if (paths.length === 0) {
+            continue;
+        }
+        const suggestedRationale = typeof suggestion.rationale === "string" && suggestion.rationale.trim().length > 0
+            ? suggestion.rationale.trim()
+            : concerns[0] ?? "Lens steward requested bounded follow-up.";
+        const suggestedId = typeof suggestion.task_id === "string" && suggestion.task_id.trim().length > 0
+            ? suggestion.task_id
+            : `suggestion-${index + 1}`;
+        tasks.push({
+            task_id: taskIdFor("steward-followup", [
+                params.result.task_id,
+                String(index),
+                suggestedId,
+                ...paths,
+                suggestedRationale,
+            ]),
+            unit_id: typeof suggestion.unit_id === "string" && suggestion.unit_id.trim().length > 0
+                ? suggestion.unit_id
+                : params.result.unit_id,
+            pass_id: `deepening:${params.result.pass_id}`,
+            lens: params.result.lens,
+            file_paths: paths,
+            file_line_counts: Object.fromEntries(paths.map((path) => [
+                path,
+                coverageByPath.get(path) ?? params.lineIndex?.[path] ?? 0,
+            ])),
+            rationale: `Lens steward follow-up from ${params.result.task_id}. ${suggestedRationale}`,
+            priority: normalizedSuggestedPriority(suggestion.priority, "medium"),
+            tags: [
+                DEEPENING_TAG,
+                LENS_VERIFICATION_FOLLOWUP_TAG,
+                "trigger:lens_verification",
+                `source_task:${sanitizeSegment(params.result.task_id)}`,
+            ],
+            status: "pending",
+        });
+    }
+    return tasks;
+}
 function findingContexts(results, taskById) {
     const contexts = [];
     for (const result of results) {
@@ -345,6 +684,16 @@ export function buildSelectiveDeepeningTasks(options) {
             lineIndex: options.lineIndex,
         }));
     }
+    for (const result of options.results) {
+        const task = taskById.get(result.task_id);
+        for (const followupTask of buildVerificationFollowupTasks({
+            result,
+            task,
+            lineIndex: options.lineIndex,
+        })) {
+            pushIfNew(followupTask);
+        }
+    }
     const runtimeTaskById = new Map((options.runtimeValidationTasks?.tasks ?? []).map((task) => [
         task.id,
         task,
@@ -369,6 +718,14 @@ export function buildSelectiveDeepeningTasks(options) {
             lineIndex: options.lineIndex,
         }));
     }
+    for (const task of buildLensVerificationTasks({
+        existingTasks,
+        results: options.results,
+        lineIndex: options.lineIndex,
+        externalAnalyzerResults: options.externalAnalyzerResults,
+    })) {
+        pushIfNew(task);
+    }
     const cleanResults = options.results
         .map((result) => ({ result, task: taskById.get(result.task_id) }))
         .filter(({ result, task }) => isHighRiskCleanResult(result, task))
@@ -389,4 +746,6 @@ export function buildSelectiveDeepeningTasks(options) {
 }
 export const selectiveDeepeningTestUtils = {
     DEEPENING_TAG,
+    LENS_VERIFICATION_TAG,
+    LENS_VERIFICATION_FOLLOWUP_TAG,
 };

package/dist/prompts/renderWorkerPrompt.js

@@ -7,13 +7,9 @@ export function renderWorkerPrompt(task) {
     if (task.preferred_executor === "agent" && task.audit_results_path) {
         const tasksPath = task.pending_audit_tasks_path ??
             `${task.artifacts_dir}/audit_tasks.json`;
-        const resultsSchemaPath = `${task.artifacts_dir}/dispatch/audit-results.schema.json`;
-        const singleResultSchemaPath = `${task.artifacts_dir}/dispatch/audit-result.schema.json`;
         const lines = [
             `Audit run: ${task.run_id}`,
             `Read: ${tasksPath}`,
-            `Array schema: ${resultsSchemaPath}`,
-            `Single-result schema: ${singleResultSchemaPath}`,
             "Scope: review only the tasks listed in the Read file. Do not add tasks,",
             "edit source files, remediate findings, run unrelated audits, or write result_path.",
             "For each listed task: read the assigned file_paths under the specified lens,",
@@ -25,6 +21,9 @@ export function renderWorkerPrompt(task) {
             "Each finding: id, title, category, severity, confidence, lens, summary,",
             "  affected_files [{path, line_start, line_end, symbol}] (objects, not strings; min 1 entry),",
             "  evidence [strings] (min 1 entry).",
+            "For tasks tagged lens_verification: do not write direct findings; use findings: []",
+            "  and include verification {verified, needs_followup, concerns, coverage_concerns,",
+            "  confidence_concerns, followup_tasks}.",
             "Constraint: line_end must not exceed total_lines for that file.",
             `Write only the JSON array of AuditResult objects to: ${task.audit_results_path}`,
         ];

package/dist/types.d.ts

@@ -88,6 +88,14 @@ export interface Finding {
     systemic?: boolean;
     related_findings?: string[];
 }
+export interface AuditVerification {
+    verified: boolean;
+    needs_followup: boolean;
+    concerns?: string[];
+    coverage_concerns?: string[];
+    confidence_concerns?: string[];
+    followup_tasks?: AuditTask[];
+}
 export interface AuditResult {
     task_id: string;
     unit_id: string;
@@ -102,4 +110,5 @@ export interface AuditResult {
     notes?: string[];
     requires_followup?: boolean;
     followup_tasks?: string[];
+    verification?: AuditVerification;
 }